Professional Security Scanning

Security scanning
that explains itself.

20+ professional security tools. AI-powered insights on every finding — what it means, why it's dangerous, and exactly how to fix it.

25+ Tools · AI-Powered · Real-time Results
Scan Results
api.example.com · Scanning
Nuclei: 12 findings
Nmap: 3 open ports
Headers: 2 issues
SSL Scan: Secure
2 Critical · 10 High · 5 Medium
AI identified 2 critical paths requiring immediate attention.
20+ security tools: Professional tools, zero config
4 AI layers built-in: Insights · Fix · Suggest · Briefing
Every scan explained: Plain-language AI analysis
Free to get started: No subscription, no per-scan limits
How it works

From target to report in four steps

Scan, analyze, understand, fix. The AI step is what makes it different.

01 /

Define what you're protecting

Add domains, IPs, or CIDR ranges as targets. Organize subdomains under parent domains. PTK tracks your entire attack surface across every scan.

02 /

Scan with 20+ professional tools

Choose a preset or pick specific tools. Run single scans, bulk scan 500 targets at once, or schedule recurring checks automatically with cron.

03 /
POWERED BY GEMINI AI

AI explains every finding

Every scan automatically generates a plain-language briefing — what was found, why it matters, and exactly what to fix first. No digging required.

04 /

Fix and track progress

Get copy-paste fix instructions per finding. Mark findings as resolved. Watch your security score improve over time. Export professional reports.

AI Layer

AI that works for you,
not the other way around.

Every scan produces intelligence, not just data. Four AI layers built directly into the platform — no add-ons, no extra cost, no setup.

Scan Insights
after every scan
Plain-language security briefing

After every scan, AI reads the findings and writes a summary any developer can understand. Critical issues first, safe things confirmed.

AI ANALYSIS · HIGH RISK
Two issues need immediate attention on api.example.com.
PRIORITY ACTIONS
1. Restrict SSH port 22 to known IPs
2. Update nginx to 1.21+ (CVE patch)
No action needed on headers
AI Remediation
per finding
Exact fix instructions, stack-aware

Click any finding to get step-by-step fix instructions specific to your detected stack. Copy-paste ready commands, Docker instructions included.

HOW TO FIX THIS
nginx 1.18 — CVE-2021-23017
Path traversal flaw in nginx allows attackers
to read files outside the web root.
Fix (Ubuntu/Debian):
sudo apt update
sudo apt install nginx
Docker:
FROM nginx:1.21-alpine
(was: 1.18)
AI Preset Picker
before every scan
AI recommends what to scan

PTK learns from your scan history. Before running a scan, it suggests the best preset based on what was found before and what's detected on the target.

AI RECOMMENDATION
Vulnerability Scan
Previous scan found nginx 1.18 (still vulnerable). Track CVE status.
Estimated: ~20 minutes · Confidence: HIGH
Use recommendation
Pick manually
Daily Briefing
every morning
Your daily security summary

Your dashboard opens with a plain-language summary of what changed, why your score moved, and what needs attention today. No digging through logs.

SECURITY BRIEFING — Today
Your score dropped 78 → 61.
Cause: 2 new critical issues on api.example.com.
NEEDS ATTENTION TODAY:
api.example.com: 2 critical · 3 days old
admin.example.com: not scanned · 14d ago
mail.example.com improved: 72 → 89
AI insights are included in every exported report — PDF, CSV, and JSON downloads contain the full analysis.
Tool library

20+ professional tools.
Zero configuration overhead.

Every tool pre-integrated, pre-configured with sane defaults, and producing structured findings. Intelligence tools run passively — no traffic sent to your target.

Nmap
network

Port scanning, service detection & CVE matching

  • Open ports & services
  • OS fingerprinting
  • CVE matching
  • Firewall analysis
TLS Info
network

SSL/TLS certificate & cipher suite analysis

  • Expired certificates
  • Weak cipher suites
  • Protocol mismatches
  • HSTS issues
Nuclei
web

Template-based vulnerability scanner (7,000+ templates)

  • CVEs & exposures
  • Misconfigurations
  • Default credentials
  • 7,000+ templates
Nikto
web

Web server misconfiguration scanner

  • Server misconfigs
  • Outdated software
  • Default files
  • Info disclosure
HTTPX
web

HTTP probe, tech fingerprinting & redirect analysis

  • HTTP/HTTPS status
  • Tech stack
  • Redirects
  • Response analysis
WAF Detector
web

WAF detection via wafw00f (180+ vendors)

  • WAF vendor
  • Bypass opportunities
  • Protection gaps
Headers
web

HTTP security headers analysis & grading (A–F)

  • Missing CSP
  • Missing HSTS
  • X-Frame-Options
  • Grade A–F
CORS Checker
web

CORS misconfiguration detection

  • Wildcard origins
  • Credential exposure
  • Origin reflection
Dalfox
web

XSS vulnerability scanner

  • Reflected XSS
  • Stored XSS
  • DOM-based XSS
  • Parameter injection
WhatWeb
web

Web technology fingerprinting

  • CMS detection
  • Framework detection
  • Version identification
  • Plugin detection
Subfinder
recon

Passive subdomain discovery (40+ sources)

  • Subdomains
  • Hidden assets
  • Scope expansion
  • 40+ passive sources
DNS Recon
recon

DNS enumeration, zone transfer & CNAME detection

  • Zone transfers
  • Dangling CNAMEs
  • Wildcard DNS
  • MX records
Takeover Check
recon

Subdomain takeover detection (S3, GitHub, Heroku)

  • Unclaimed S3 buckets
  • Heroku dangling
  • GitHub Pages
  • Azure endpoints
DMARC Checker
email

Email security: DMARC, SPF, DKIM & MX analysis

  • Missing DMARC
  • SPF misconfig
  • DKIM failures
  • Email spoofing risk
WPScan
cms

WordPress vulnerability scanner

  • Vulnerable plugins
  • Outdated themes
  • User enumeration
  • WP core CVEs
Shodan
intelligence

Internet-wide scan data — historical port/service info

  • Historical ports
  • Exposed services
  • Banners
  • Geolocation
Censys
intelligence

Certificate and service intelligence

  • Certificate data
  • Service enumeration
  • ASN info
  • TLS metadata
AbuseIPDB
intelligence

IP reputation and abuse history lookup

  • Abuse score
  • Report count
  • Attack history
  • Country data
VirusTotal
intelligence

URL and domain reputation across 70+ AV engines

  • Malware detection
  • Phishing flags
  • Domain reputation
  • URL analysis
XposedOrNot
intelligence

XposedOrNot — free breach data exposure check, no API key needed

  • Breach history
  • Exposed records
  • Data categories
  • Verified breaches
Features
AI in every report

AI insights in
every exported report.

When you download a PDF, CSV, or JSON report, the AI analysis comes with it — plain-language summaries, priority actions, and fix instructions per finding. Share with your client without rewriting anything.

  • AI summary at the top of every PDF
  • Per-finding remediation included
  • Priority actions listed first
  • Positive notes on what's working
Report — api.example.com — scan #2841
AI SUMMARY
2 critical issues require immediate action. SSH on port 22 is exposed to the entire internet. Nginx 1.18 has a known path traversal CVE. Fix these before deploying.
1. Restrict SSH port 22 to known IPs
2. Update nginx to 1.21+
3 CRITICAL · 7 HIGH · 12 MEDIUM · 8 LOW
PDF · CSV · JSON
Bulk scanning

Scan 500 targets.
Watch every one.

Upload a list of targets or paste them directly. PTK fans out across Celery workers in smart batches — fast tools run immediately, slow tools queue intelligently. Watch per-target progress in real time.

  • Up to 500 targets per job
  • Per-target progress tracking
  • Smart batching by tool speed
  • AI analysis per target
Bulk scan — 12 targets
api.example.com: done
admin.example.com: done
mail.example.com: running
dev.example.com: running
staging.example.com: queued
vpn.example.com: queued
cdn.example.com: queued
auth.example.com: queued
db.example.com: queued
Progress: 4 / 12 complete
Scheduled monitoring

Set it. Get briefed
when something changes.

Schedule scans with cron — daily, weekly, monthly, or custom. Get email alerts on new critical findings. Your dashboard explains what changed and why, every morning.

  • 6 built-in schedules + custom cron
  • Email on new critical findings
  • AI daily briefing on changes
  • Score trend over 30 days
Scheduled scans — active
Production — Weekly nmap + nuclei
0 0 * * 1 · Mon 00:00 UTC
ACTIVE · Next: Mon 00:00
Staging — Daily httpx check
0 6 * * * · Daily 06:00 UTC
ACTIVE · Next: 06:00 today
Client A — Monthly full scan
0 0 1 * * · 1st of month
PAUSED
Bug bounty scope — Bi-weekly
0 0 */14 * * · Every 14 days
ACTIVE · Next: in 6 days
Attack surface tracking

Organize assets
like a professional.

Group subdomains under their parent domain. Every target gets its own score, finding history, and scan timeline. Run subfinder and bulk-scan the discoveries in two clicks.

  • Parent → subdomain hierarchy
  • Per-target security score
  • Attack surface tracking
  • Subfinder → bulk scan in 2 clicks
Targets — attack surface view
example.com · Score: 61
├─ api.example.com · Score: 88
├─ admin.example.com · Score: 34
├─ mail.example.com · Score: 79
├─ dev.example.com · Score: 51
└─ staging.example.com · Score: 58
Open ports across scope:
:22 SSH · :80 HTTP · :443 HTTPS · :3306 MySQL · :5432 Postgres
Subdomain discovery

From domain to attack surface
in two clicks.

The subfinder flow is PTK's most powerful feature. Discover, organize, and bulk scan your entire subdomain landscape automatically.

STEP 01

Add target

example.com
Add your root domain
STEP 02

Run Subfinder

subfinder example.com
Passive · 40+ sources
STEP 03

Subdomains found

api.example.com
admin.example.com
mail.example.com
+ 9 more discovered
STEP 04

Bulk scan all

nmap · 12 targets
Per-target progress
Smart batching
STEP 05

Organized

example.com
├─ api. 88
├─ admin. 34
Auto-organized
Compare

Why not just use Intruder?

We're honest about the tradeoffs. The AI rows are where PTK is genuinely different.

Feature | PTK | Intruder | Pentest-Tools | Astra
Free to start | ✓ Yes | ✗ Paid only | Trial only | ✗ Paid only
Cost | Free plan | $260–2,880/yr | Credit-based | $1,999+/yr
AI scan insights | ✓ Built-in | Partial
AI remediation | ✓ Per-finding
AI daily briefing | ✓ Yes
AI in reports | ✓ Yes
Raw tool output | ✓ Full access | ✗ Hidden | Partial | ✗ Hidden
Full tool config | ✓ Full | Limited | Limited | Limited
Bulk 500 targets | ✓ Yes | Limited | Limited | Limited
Subfinder flow | ✓ Built-in
Scheduled scans | ✓ Yes | ✓ Yes | ✓ Yes | ✓ Yes
PDF reports | ✓ Yes | ✓ Yes | ✓ Yes | ✓ Yes
Team collaboration | Roadmap | ✓ Yes | ✓ Yes | ✓ Yes
Compliance reports | Roadmap | ✓ Yes | Partial | ✓ Yes
Roadmap = planned, not yet available · AI rows = Pentoolkit differentiators · We don't claim what we haven't built.
Who it's for

Built for people who
actually run scans.

Not a compliance checkbox. A working tool for working security professionals.

The solo pentester

You know nmap, nuclei, and subfinder. You run them separately and lose track of findings. PTK gives you one place for everything — plus AI that writes the briefing so you don't have to.

  • 20+ tools, zero config overhead
  • AI briefing after every scan
  • Raw XML/JSON always accessible
  • No credits, no per-scan limits
The security team

Your company has 50 domains and needs continuous monitoring. PTK runs scheduled scans, AI explains what changed each week, and your score trend proves security is improving over time.

  • Scheduled scanning with email alerts
  • AI daily briefing explains score changes
  • Finding status tracking (open/fixed/accepted)
  • 30-day security score trend
The consultant

You scan client assets and need professional deliverables. PTK organizes targets by client, AI writes the finding explanations, and PDF reports include remediation steps clients can follow.

  • Target groups per client
  • AI remediation in exported reports
  • Bulk scan up to 500 targets
  • PDF, CSV, JSON export in one click
Get started

Up and scanning
in minutes.

No installation. No configuration. Open your browser, start scanning, get AI insights.

01
Create your account

Sign up in seconds. No credit card required. Your account is ready immediately.

02
Add your targets

Add domains, IPs, or CIDR ranges. Organize them into groups by client or project.

03
Run your first scan

Pick a preset, launch. Results appear in real time. AI analysis starts automatically.

04
Read your briefing

AI explains every finding — what it means, why it's dangerous, and how to fix it.

Get started today

Security scanning that
actually explains itself.

20+ tools. AI insights on every finding.
Professional reports. Free to start.

Every scan automatically tells you what was found, why it's dangerous, and exactly how to fix it.
No credit card · No setup · Powered by Gemini AI